Daily NCSC-FI news followup 2020-02-25

Mobile malware evolution 2019


Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT


Firefox enables DNS-over-HTTPS by default (with Cloudflare) for all U.S. users


Install Latest Chrome Update to Patch 0-Day Bug Under Active Attacks


New OpenSMTPD RCE Flaw Affects Linux and OpenBSD Email Servers


Why Minimizing Human Error is the Only Viable Defense Against Spear Phishing


Quick look at a couple of current online scam campaigns


Firefox for Mac and Linux to get a new security sandbox system

www.zdnet.com/article/firefox-for-mac-and-linux-to-get-a-new-security-sandbox-system/ RLBox is an innovative project because it takes sandboxing to the next level. Instead of isolating the app from the underlying operating system, RLBox separates an app’s internal components — namely its third-party libraries — from the app’s core engine.

RSAC 2020 Keynote: Changing the World's False Perception of Cybersecurity

threatpost.com/rsac-2020-keynote-changing-the-worlds-false-perception-of-cybersecurity/153203/ We are only as good as the story we leave behind, he said. The story we want is a business story of cyber resilience, not a technical story of cyber ping pong. The struggle that we often see in these types of stories engenders pity and fear, but it's not one of the defender, but one of the protected.

Sen. Schumer Pushes for TSA Employee Ban on TikTok App at Work

threatpost.com/sen-schumer-pushes-for-tsa-employee-ban-on-tiktok-app-at-work/153192/ The Department of Homeland Security and two U.S. military branches already had discontinued use of the app based on concerns over Chinese data-security and censorship practices.

Microsoft previews Microsoft Defender ATP for Linux


UK financial watchdog admits to leaking confidential consumer data

www.zdnet.com/article/uk-financial-watchdog-admits-to-leaking-confidential-consumer-data/#ftag=RSSbaffb68 A Freedom of Information Act request published on the FCA website revealed more than it should.

ASIO: Relentless advance of technology was outstripping our capabilities

www.zdnet.com/article/asio-relentless-advance-of-technology-was-outstripping-our-capabilities/ Australian Security Intelligence Organisation (ASIO) Director-General of Security Mike Burgess has praised the introduction of new powers such as those contained within Australia’s encryption legislation to help the spy agency combat the new battleground that technology has created.

Australian banks targeted by DDoS extortionists

www.zdnet.com/article/australian-banks-targeted-by-ddos-extortionists/ Hackers are sending emails to banks asking for large payments in Monero, and threatening DDoS attacks if their demands aren’t met.

North Korea Is Recycling Mac Malware. That’s Not the Worst Part

www.wired.com/story/malware-reuse-north-korea-lazarus-group/ Lazarus Group hackers have long plagued the internet, using at least one tool they picked up just by looking around online.

Password killer FIDO2 comes bounding into Azure Active Directory hybrid environments


New Mozart Malware Gets Commands, Hides Traffic Using DNS


PayPal Users Hit With Fraudulent ‘Target’ Charges via Google Pay

www.bleepingcomputer.com/news/security/paypal-users-hit-with-fraudulent-target-charges-via-google-pay/ Hackers are using an unknown method to make fraudulent charges on PayPal accounts linked via Google Pay. These transactions are being charged through Target stores or Starbucks in the United States even though the account holders are in Germany.

DoppelPaymer Ransomware Launches Site to Post Victim’s Data

www.bleepingcomputer.com/news/security/doppelpaymer-ransomware-launches-site-to-post-victims-data/ The operators of the DoppelPaymer Ransomware have launched a site that they will use to shame victims who do not pay a ransom and to publish any files that were stolen before computers were encrypted.

Credit Card Skimmer Running on 13 Sites, Despite Notification

www.bleepingcomputer.com/news/security/credit-card-skimmer-running-on-13-sites-despite-notification/ The tally of shopping websites infected by MageCart Group 12 with JavaScript that steals payment card info is seeing a sharp increase. Nearly 40 new victims have been discovered.
